For those who are exhausted due to Forbidden repeated attacks on apache2.4

Hello.
I'm Mandai, in charge of Wild on the development team.

When I tried configuring apache 2.4 for the first time in a while, I was frustrated because I kept getting Forbidden, so I summarized what I tried.

 

This time's error details

The error I encountered this time is as follows.

[Mon Jun 05 09:45:45.490521 2017] [core:crit] [pid 8125] (13)Permission denied: [client 127.0.0.1:36174] AH00529: /var/www/vhosts/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/wordpress/' is executable, referer: http://wp.localhost/readme.html

 

The subdomain wp.localhost is assigned to 127.0.0.1 in /etc/hosts.
As you can imagine, this is a wordpress development subdomain.

Since I was reusing a VM created in the past with VirtualBox, I thought I could skip the settings around here!

This time, I decided to launch Eclipse on the desktop inside the VM and do some development, and restarted it to use two displays.
Now that I think about it, this wasn't a good thing.

 

This solution

After searching for an hour, I thought that all I could find was information related to permissions, and just as I was about to give up and go home, I noticed the SELinux characters that I had completely forgotten about.
At times like this, honestly

sudo setenforce 0

 

This is the only option.

It moved safely!

When you reboot, the previously executed setenforce is reset.
Since it was a temporary solution, I decided not to edit /etc/selinux/config.

In the end, I had forgotten that stance, and it was no longer a stance at all.

Basically, the VM is stopped by "save state", so it is not shut down in terms of the VM.

 

There are other possibilities

It seems that this error is not always caused by SELinux, and I found various answers.

 

If permissions are the cause

The document root directory (in this case, /var/www/vhosts/wordpress/) does not have viewing permissions, so the underlying files cannot be accessed.

This can be done by adding execute permission on the document root directory.

chmod +x /var/www/vhosts/wordpress/

 

There are some patterns like this.

 

If the cause is user privileges

Think about this first.
However, this is often not the case.

In the first place, files are not created with permissions like "770" or "750" in the development environment.
I would like to think based on "755" and "644".

 

Symbolic links are disabled

This happens embarrassingly sometimes.

Add Options FollowSymlinks.

We just have to be careful.

 

summary

In this case, I would like to use the following minimal httpd.conf configuration and do as little work as possible on environment construction.

<VirtualHost wp.localhost:80>ServerName wp.localhost DocumentRoot /var/www/vhosts/wordpress<Directory /var/www/vhosts/wordpress> Options FollowSymlinks Includes AllowOverride All Require all granted</Directory></VirtualHost>

 

I definitely don't want to forget this and the SELinux settings.

 
That's it.